
Third Party Risk Review Program Analyst ...

Candidate Information
Title Third Party Risk/Review Program Analyst
Target Location US-MD-Baltimore
Candidate's Name
Washington, DC Street Address
EMAIL AVAILABLE
Phone: PHONE NUMBER AVAILABLE

SUMMARY

Accomplished IT Risk Analyst professional with years of experience in performing IT Audit, Vendor/Third Party Risk Assessment and Security Control Assessment with deep knowledge of SSAE (SOC 1, SOC 2), NIST, HIPAA, HITRUST, SIG, PCI-DSS, ISO 27001 to achieve Confidentiality, Integrity, and Availability of Information Systems. Knowledge of Access Control Audit, Compliance Testing, Risk Management and Remediation, Change Management, Security Maintenance, Policies, Procedures, and Incident Response.

WORK EXPERIENCE

City National Bank, April 2022-Present
Senior Third-Party Risk Analyst/Review Program Analyst

- Participate in IT risk issues, SME reviews, and information security issues.
- Participate in cyber security operations, incident response, IT risk management or investigations and remediation.
- Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats.
- Assess risk within subject specialty area to evaluate the design and effectiveness of security controls.
- Review documentation, perform further analysis, provide an opinion on adequacy of controls and determine the severity of findings needed.
- Perform focused third-party risk assessments of existing or new services and technologies, along with business counterparts.
- Communicate risk assessment findings to Procurement, business line owners or information governance teams and information security teams.
- Provide consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
- Identify and facilitate implementation of appropriate controls to effectively manage third party risks as needed.
- Identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks and assessing the residual risk.
- Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
- Coordinate the identification and ranking of vendor risks. Coordinate the classification and tiering of vendors by risks and risk impacts.
- Build communication and escalation plans around vendor risk management activities within the enterprise.
- Understand and apply relevant regulatory and legal compliance requirements.
- Manage vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies.
- Develop, monitor and possibly execute vendor remediation actions, mitigation and contingency plans when risks or events are identified.
- Ensure third- (and increasingly, fourth-) party vendor regulatory compliance.
- Coordinate the gathering of vendor risk assessment data and prepare risk assessments for critical-related vendors as needed, to be published and communicated to stakeholders.
- Track identified risks and risk events.
- Influence vendors and business partners to ensure compliance with risk management policies.
- Partner with sourcing and contract management functions.
- Collaborate, as appropriate, with information security, finance, compliance and/or disaster recovery.
- Work with regulatory officers and auditors as necessary.
- Communicate identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and the addressing of these issues.
- Develop and coordinate vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model.
- Adhere to and comply with applicable federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
- Adhere to Bank policies and procedures and complete required training.

Capital One, Jan 2020 - April 2022
Third Party Risk Analyst

- Worked with vendor for oversight to ensure adequate tier-in for vendors-based application on the level of data they have access to.
- Designed and constantly upgraded supplier questionnaires to ensure all areas of new threat signatures discovered are covered.
- Administered questionnaires to all vendors to determine the control effectiveness.
- Conducted onsite and virtual risk assessment to continuously determine the security posture at the vendor site.
- Reviewed, planned and conducted security risk assessments for all third-party vendors/suppliers, and validated all controls at the vendor site to ensure data confidentiality.
- Validated security questionnaires during onsite visits, to ensure up-to-date data protection on vendor site.
- Conducted on-site risk assessments based on agreed-upon procedures guidelines.
- Reviewed all essential security policies and procedures documentation.
- Provided detailed reports of assessments to business owners and the vendor management office.
- Worked as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated timely.
- Escalated issues of 3rd party vendors' non-compliance to the vendor risk management office (VMO).
- Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
- Ensured third party relationships adhere to company's policies, procedures and are compliant with regulatory guidelines and industry best practices.
- Facilitated remediation for any third-party related operational issues as needed.
- Assessed operational fitness of assigned third parties through due diligence reviews.
- Provided ongoing monitoring for third party risk due diligence.
- Conducted high-level meeting to discuss findings and remediation.
- Performed work within RSAM, RSA Archer and Service Now.

CareFirst BlueCross BlueShield, Dec 2016-Dec 2019
Third Party Risk Assessor

- Validated that business units (first line) are executing the TPRM program requirements effectively.
- Reviewed third party risk assessments for conformance to program objectives and methodology.
- Assisted in researching, reviewing, developing, and maintaining TPRM policies and standards that comply with federal and state regulatory laws.
- Effectively monitored the tracking of issues, gaps, and exceptions and mitigation plans as they relate to third party risks to ensure timely resolution.
- Prepared third party portfolio reporting of risk and performance to senior executives.
- Ensured timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.
- Evaluated the TPRM program to identify optimization opportunities and provide recommendations for process improvement.
- Performed business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks.
- Evaluated control libraries and identified when controls need to be refreshed or added.
- Served as TPRM subject matter expert to first line, providing risk management guidance as needed.
- Performed testing of controls for all phases of the TPRM lifecycle; identified and evaluated deficiencies and assisted with quarterly reporting on test results and issue trends.
- Interfaced with business unit and the vendor to discuss findings and remediation.

Apple, June 2015-Nov 2016
IT Auditor/Compliance

- Prepared IT audit program to include access control, change management controls and computer operations controls; identified deficiencies in the design and operating effectiveness of controls and provided recommendations.
- Identified and communicated IT audit findings to senior management and clients.
- Maintained good working relationship with the clients to enhance customer satisfaction and worked with client management and staff at all levels to perform audit service.
- Performed all stages of audit planning, fieldwork, executive, reporting and follow up.
- Conducted testing of Sarbanes-Oxley (SOX), Service Organization Control (SOC), SSAE 18 Review, using COBIT.
- Trained junior auditors on auditing standards and provided them technical audit training such as auditing Windows, auditing PeopleSoft, SAP and other audit concepts.
- Participated in team kick-off meetings and drew up audit plans.
- Reviewed IT General Controls (ITGC) and various applications, databases, operating systems and network devices.
- Performed and documented audit activities in accordance with professional standards such as COBIT, COSO and SOX internal control frameworks Audit Project.
- Handled special projects such as Segregation of Duties (SOD) and SOX Compliance business challenge, identified conflicts or inadequate internal controls and provided recommendations.

EDUCATION

University of Lagos (Nigeria), Bachelors in Sociology & Info tech.

CERTIFICATIONS AND LICENSES

Certified Information Systems Auditor (CISA) Certified

PROFESSIONAL AFFILIATIONS

Information System Audit and Control Association (ISACA)
